
Trusted Extensions Configuration and Administration


Updated: March 2019
 
 

How to Verify That the Trusted Extensions Roles Work

To verify each role, assume the role. Then, perform tasks that only that role can perform and attempt tasks that the role is not permitted to perform.

Before You Begin

If you have configured DNS or routing, you must reboot after you create the roles and before you verify that the roles work.

  1. For each role, log in as a user who can assume the role.
  2. Assume the role.

    Open a terminal window.

    1. Switch to the role.
      % su - rolename
    2. Verify that the PRIV_PFEXEC flag is in effect.
      # ppriv $$
      ...
      flags = PRIV_PFEXEC
      ...
  3. Test the role.

    For the authorizations that are required to change user properties, see the passwd(1) man page.

    • The System Administrator role should be able to create a user and modify user properties that require the solaris.user.manage authorization, such as the user's login shell. The System Administrator role should not be able to change user properties that require the solaris.account.setpolicy authorization.

    • The Security Administrator role should be able to change user properties that require the solaris.account.setpolicy authorization. The Security Administrator should not be able to create a user or change a user's login shell.
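
The following added example (not part of the Oracle documentation) cross-checks step 2 and step 3 from saved command output: it looks for PRIV_PFEXEC on the flags line of `ppriv $$` and compares the role's authorization list against the two authorizations named above. It assumes the list comes from the Solaris `auths` command, which this page does not use, and that the roles are named `sysadmin` and `secadmin`; the sample data is constructed.

```sh
#!/bin/sh
# Added example, not Oracle's code. Role names sysadmin/secadmin are assumed.

# has_pfexec: read `ppriv $$` output on stdin; succeed if the flags line
# lists PRIV_PFEXEC.
has_pfexec() {
    awk '/^[ \t]*flags[ \t]*=/ {
             sub(/^[^=]*=/, "")
             n = split($0, f, /[ \t,|]+/)
             for (i = 1; i <= n; i++) if (f[i] == "PRIV_PFEXEC") ok = 1
         }
         END { exit (ok ? 0 : 1) }'
}

# has_auth AUTH LIST: succeed if the comma-separated LIST (as printed by
# `auths`) grants AUTH literally or through a wildcard such as solaris.user.*
has_auth() {
    want=$1; old_ifs=$IFS; IFS=,; set -f
    for entry in $2; do
        case $want in
            $entry) IFS=$old_ifs; set +f; return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# check_role ROLE PPRIV_OUTPUT AUTHS_LIST: print each finding; return 0 only
# if the flag is set, the required auth is held and the forbidden one is not.
check_role() {
    role=$1; fails=0
    case $role in
        sysadmin) need=solaris.user.manage; deny=solaris.account.setpolicy ;;
        secadmin) need=solaris.account.setpolicy; deny=solaris.user.manage ;;
        *) echo "unknown role: $role"; return 2 ;;
    esac
    printf '%s\n' "$2" | has_pfexec || { echo "$role: PRIV_PFEXEC not set"; fails=1; }
    has_auth "$need" "$3" || { echo "$role: missing $need"; fails=1; }
    if has_auth "$deny" "$3"; then echo "$role: must not hold $deny"; fails=1; fi
    return $fails
}

# Constructed sample data. On a live system, run from inside the assumed role:
#   check_role sysadmin "$(ppriv $$)" "$(auths)"
SAMPLE_PPRIV='1234: -sh
flags = PRIV_PFEXEC'
check_role sysadmin "$SAMPLE_PPRIV" 'solaris.user.manage,solaris.mail.mailq' \
    && echo "sysadmin: OK"
```

A clean result here only shows that the authorization assignments match the expectations above; the hands-on tests in step 3 remain the actual verification.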